Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4148]

VulDB: Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4148]

General

Adobe

scipID: 5959
Affected: Adobe Acrobat/Reader 9.5.1/10.1.3
Published: 08/14/2012 (John Leitch)
Risk: critical
Entry: 92% complete
Created: 08/17/2012
Updated: 09/03/2012

Summary

A vulnerability classified as critical was found in Adobe Acrobat and Reader 9.5.1/10.1.3. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 08/14/2012 by John Leitch with Microsoft Vulnerability Research as APSB12-16 as bulletin (Website). The advisory is shared for download at adobe.com. The vendor cooperated in the coordination of the public release. This vulnerability is known as CVE-2012-4148 since 08/07/2012. The exploitability is known to be difficult. Access to the local network is required for this attack to succeed. The exploitation doesn’t need any form of authentication. Technical details are unknown but a private exploit is available.

Upgrading to version 9.5.2 or 10.1.4 eliminates this vulnerability. The upgrade is hosted for download at get.adobe.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84619) and Secunia (SA50281).